Axios Npm Compromise: Malicious Releases Delivered Cross-Platform RAT in Staged Supply-Chain Attack


The discovery that axios npm was used as a vector for a deliberate supply-chain attack has rattled developers: two newly published releases bundled a fake dependency that installed a cross-platform remote access trojan. The compromised npm credentials of the package maintainer allowed attackers to publish versions that executed a postinstall dropper, delivered platform-specific payloads for macOS, Windows and Linux, and then erased traces to evade detection.

Axios Npm: How the compromise was staged

StepSecurity found that versions 1.14.1 and 0.30.4 of the package introduced a fake dependency named “plain-crypto-js” version 4.2.1. The threat actor used the compromised npm account of the primary maintainer (“jasonsaayman”) and changed its registered email to a Proton Mail address. The malicious package was published under a separate npm user identity carrying a Proton Mail address. The attacker is believed to have obtained a long-lived classic npm access token, which permitted direct publication and bypass of the project’s GitHub Actions CI/CD protections.

Cross-platform RAT mechanics and payload behavior

Security analysis shows the injected dependency’s sole purpose was to run a postinstall script that acted as a cross-platform RAT dropper. An obfuscated Node.js dropper file named “setup.js” chooses one of three platform-specific attack paths and contacts a command-and-control endpoint to retrieve a second-stage payload. Each platform sends a distinct POST body to a single C2 URL so the server can return the appropriate binary for macOS, Windows or Linux.

The macOS second-stage is a C++ RAT that fingerprints the host and beacons to its remote server every 60 seconds to retrieve commands. It supports running additional payloads, executing shell commands, enumerating the file system and terminating itself. Analysis of the Linux variant revealed the same command set. Notably, the malware lacks a persistence mechanism, suggesting either a focus on rapid data extraction or an intent to use the RAT’s runtime capabilities to deploy persistence after initial compromise.

Investigators noted operational discipline: the fake dependency and platform payloads were staged well in advance, three separate payloads were pre-built for each operating system, and both targeted release branches were hit within a narrow window. Post-execution behavior included the malware deleting itself and replacing its own package.json with a clean version to hinder forensic discovery.

Immediate consequences, remediation and ecosystem impact

Users running axios npm versions 1.14.1 or 0.30.4 are instructed to rotate secrets and credentials immediately and to downgrade to safe releases (1.14.0 or 0.30.3). The malicious releases and the fake dependency have been removed from the registry and are no longer available for download. With the HTTP client reporting more than 83 million weekly downloads, the potential blast radius spans frontend frameworks, backend services and enterprise applications.

StepSecurity described the campaign as targeted rather than opportunistic; the attacker’s staging and rapid execution show planning designed to maximize reach while minimizing forensic evidence. SafeDep’s analysis of the Linux component confirms cross-platform parity in capabilities, reinforcing the view that the actor prepared harmonized payloads to hit multiple environments in parallel.

How will maintainers and registries adapt their controls to prevent another axios npm-style intrusion, and can development teams harden supply-chain hygiene fast enough to blunt similar attacks in the future?
